Legal

Patient Fusion Privacy Policy

Introduction

Our mission is to drive better and more affordable healthcare through innovative software and information solutions for providers throughout the care continuum, their patients, and health researchers. Our solutions include our electronic health record, practice management and patient health record software, our care coordination and clinical data transmission services, and our health outcomes research solutions.

This Privacy Policy (this "Policy") applies to the software and information services we offer through our website located at www.patientfusion.com, our cloud-based patient portal, and web-enabled emails sent as part of, in connection with, or relating to such software and information services (collectively, our "Services"). This Policy does not apply to any other services. Maintaining your trust is important to us, and we strongly encourage you to read this Policy in full.

The purpose of this Policy is to describe how we and our partners collect, use, and share information about you. This Policy may incidentally describe how our Services gather and use information about other individuals or information about you that may be submitted by another user. This Privacy Policy, however, only applies to how we and our partners collect, use, and share information about you with respect to the Services covered by our Patient Fusion Terms of Use or our Patient Portal User Agreement ("User Agreement"), and not to any other service we may offer to any other individual or customer.

If your healthcare provider uses our cloud-based electronic health record and practice management solution pursuant to our Practice Fusion Healthcare Provider User Agreement, your provider is subject to laws and regulations governing the use and disclosure of health information it creates or receives, including the Health Insurance Portability and Accountability Act of 1996, as amended from time to time, together with the regulations adopted thereunder ("HIPAA"). When we store, process or transmit "individually identifiable health information" (as defined by HIPAA) on behalf of a healthcare provider who has entered into a Healthcare Provider User Agreement, we do so as its "business associate" (as also defined by HIPAA). Under this agreement, we cannot use or disclose individually identifiable health information in a way that the provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of the individually identifiable health information we store and process on behalf of such providers. For the purpose of this Policy, the term "healthcare provider" means any user who is a "health care provider" (as defined by HIPAA) or any user who is a member of such health care provider's "workforce" (as also defined by HIPAA). For additional information regarding our business associate obligations, please see Sections 4.1.8 and 9 of our Healthcare Provider User Agreement.

Information Collected by Our Services

Information You Submit or We Collect on Your Behalf:

We collect information from you when you:

Enter information on our Services, such as when you request an appointment from a healthcare provider, or you send your doctors a secure message through our patient portal, or complete a form;

Upload a document, image, or other data file on our Services;

Contact us; or

Make a customer service request.

We also collect information on your or your doctor's behalf, such as when your healthcare provider updates your health information that you may access through your patient portal account.

Information we collect about you may include your name, address, telephone number, email address, or the information you enter on or upload to our Services.

Automatically Collected Information:

We and our partners automatically gather information whenever you visit, log in, or otherwise interact with our Services, including when you receive emails delivered via our Services. We and our partners use the technologies described below and similar technologies that may not be expressly described (which we collectively call "Engagement Tools") to gather this information to enhance and operate our Services in a number of ways, such as to:

Save user preferences and information;

Preserve session settings and activity;

Authenticate users;

Enable support and security features;

Tailor the delivery of informational messages; and

Analyze the performance and use of our Services and its various features and content.

Even if you do not register with us or submit any information on our Services, our Engagement Tools will automatically receive information about, and the software running on, the computer, mobile phone, or tablet (each, a "Device") you use to interact with our Services.

Cookies & Similar Technologies: We and our partners collect information about you and your Devices through cookies, web beacons, and similar technologies. A "cookie" is a small data file sent from a website and stored on your Device to identify your Device in the future and allow for an enhanced personalized user experience based on your previous activity on the website. A "session cookie" disappears after you close your web browser, or may expire after a fixed period of time. A "persistent cookie" remains after you close your web browser and may be accessed every time you use our Services. We and our partners may use both session and persistent cookies on our Services. You should consult your web browser to modify your cookie settings. Please note that if you delete or choose not to accept cookies from us, you may not be able to use certain features of our Services.

Some of our partners deploy these technologies directly on our Services. These third parties may collect information over time about your use of our Services, as well as your online activities across other websites or online services. Some third parties may allow you to opt-out of targeted advertising based on this information. You can find more information about these opt-outs from the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA).

How We Use Information

We may use the information we collect for the following purposes:

Operating our Services and developing new functionality and features;

Responding to questions and communications, or obtaining your feedback about our Services;

Preparing and delivering announcements about features, functionality, terms of use, or other aspects of our Services;

Providing you with more relevant content, including medical-related information your healthcare provider may share with you through the Services;

Analyzing usage trends and patterns and measuring the effectiveness of the Services and its features;

Safeguarding and protecting our Services, the information we collect, and the rights of us, our users or third parties, and in response to legal process;

Any other purpose described in this Policy or your User Agreement; or

When we otherwise have your permission.

How our Services Allow Users to Share Information:

One-on-One Communications:

Our Services can be used to facilitate one-on-one communications users and other persons. Examples include:

When you request to make an appointment with your healthcare provider;

When your healthcare provider sends you a secure message to your patient portal; or

When your provider sends you an appointment confirmation or cancellation notice.

In any one-on-one communication, the communication may include contact and other personally identifiable information.

Directories:

The Services include a public directory of healthcare professionals, one or more of which you may desire to book an appointment with. If you visit our Services seeking to contact or schedule an appointment with a provider listed in one of our directories, you may need to submit personally identifiable and other information.

Public Forums:

Our Services include public forums that allow users to communicate with groups of users or the general public. Information a user posts in one of our communities may be available to a wide range of individuals, and should be presumed public. We strongly advise users to exercise care in selecting what information they share with our communities or public forums, and strongly recommend against sharing any personally identifiable, health, or other sensitive information that could directly or indirectly be traced to any individual, including themselves.

Surveys and Feedback:

From time to time you may receive survey requests through emails or displays within our Services that request feedback regarding your satisfaction with our Services or the services of our healthcare provider users, or other topics. These communications will frequently be either on behalf of your healthcare provider or us, as your healthcare provider's business associate. If you choose to respond to one of these survey requests, you may be asked to provide information that may be used to supplement information that you submitted to our Services. This information may be shared with your healthcare provider or you may otherwise be informed within the survey request itself.

Records:

Our Services allow users to store personally identifiable and health information ("Records"), including Records that identify other individuals, such as your doctor or a relative. Certain of our Services permit users to share all or portions of these Records at their discretion.

You should be aware that this Policy covers only the information you submit through our Services. If you contact or exchange information with another user in person or through a means other than our Services, such activity is not covered by this Policy. Because our Services enable users to share information you share with them, you should take care in selecting with whom you share your Records and other information. Although our Services process such transmissions, we are not responsible for the actions of persons with whom you share your Records and other information.

Emails and Other Communications:

Our Services allow users to communicate with others through our in-product instant messaging services, Service-branded emails, and other electronic communication channels. Communications that are sent by or on behalf of a user are indicated as being "From" that user, such as when our Services send an appointment notification from, and on behalf of, a healthcare provider to his or her patient. Additionally, we may communicate administrative or Service-related announcements through email or other communications within our Services. These communications may be "real time" communications or communications triggered automatically upon the occurrence of certain events or dates – such as a repeated sign-in failure or an appointment notification. Please note that you may not be able to opt out of receiving certain messages from us.

Sharing of Information

We may share information you submit to us with third parties under the following circumstances:

When you choose to share such information through our Services, such as "one-on-one" communications between a healthcare provider and a patient;

With third party service providers that have agreed to confidentiality obligations, which may include, as applicable, business associate contract obligations;

To protect our Services, the information we collect, and the rights of us, our users, and any third parties;

To detect, prevent, investigate, or address fraud, illegal activity, or violations of our terms and agreements;

In response to legal process, such as a search warrant, court order, or subpoena, or when we have a good faith belief that the law requires us to do so;

With our current and future subsidiaries or corporate affiliates or actual or potential investors;

In connection with a potential or actual sale, merger, transfer, exchange, reorganization or other disposition (whether of assets, stock, or otherwise) of all or a portion of the business conducted by our Services. If such a transaction occurs, the acquiring company's use of your information will remain subject to this Policy, as may be subsequently amended;

Any other purposes described in this Policy or your User Agreement; or

When we otherwise have your permission.

Security

To help prevent unauthorized access, maintain data accuracy, and protect against the inappropriate use of the information we collect, store, and transmit, we deploy a range of technical, physical and administrative safeguards. Under our Healthcare Provider User Agreement and applicable law, we are required to apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of individually identifiable health information residing on, and processed by, those elements of our Services that we operate as a business associate on behalf of healthcare providers. It is important to remember, however, that no system can guarantee 100% security at all times. Accordingly, we cannot guarantee the security of information stored on or transmitted to or from our Services.

Third Party Services

This Policy applies only to our Services. It does not apply to services offered by third parties, including websites and other online services that our Services may display links to or to content appearing within the Services. When you click on such links or content, you may be visiting websites or interactive services operated by third parties, who have their own information collection practices and may also collect information through the use of Engagement Tools. We do not have control over how any third party collects or uses information, so you should review their privacy policies to learn of their practices.

Changes to this Policy

We believe in continuous innovation, which, along with changes in our business, may require that we amend this Policy from time to time. We will post a revised Policy along with its effective date on this page. Because this Policy can change at any time, we encourage you to reread it periodically to see if there have been any changes, amendments, or updates. If you object to the changes or any terms within this Policy or the User Agreements, you should discontinue using our Services. Your continued use of our Services following the effective date means that you have consented to the Policy, as amended, changed, or updated.

Viewing and Updating Your Information

Our Services aim to provide you with access to the information you submit and the means to update it within our Services consistent with applicable law. This can be accomplished by logging into our Services and updating that information, although please be advised of the important limitations described below. Under certain circumstances, you may be required to undergo an authentication or access control procedure.

Please note that if your healthcare provider has enabled you to receive a patient portal account pursuant to the Patient Portal User Agreement, your healthcare provider also retains the ability to revoke your access to your patient portal account at any time. Patients should submit any questions or requests regarding access to their patient portal accounts directly to the healthcare provider that authorized the account.

If you have used our Services to share information with another user or a third party, you will not be able to access, update, or delete that shared information. Further, if another user of our services submits information that identifies you, you will not be able to access, update, or delete that information.

Certain users – such as healthcare providers – may be required under applicable laws or regulations to retain information about you for extended periods of time or indefinitely. Additionally, we may have independent obligations under applicable laws or regulations to retain such information indefinitely. Finally, for disaster recovery and business continuity purposes we retain copies of data stored by our Services for indefinite periods of time.

HIPAA grants patients certain rights to access and amend certain health information that their healthcare providers retain about them. Patients should submit requests to access or amend their health information directly to their healthcare providers.